Student Data Privacy
Student Online Personal Protection Act (SOPPA)
Effective July 1, 2021, school districts will be required by the Student Online Personal Protection Act (SOPPA) to ensure that student data is protected when collected by educational technology companies, and that data is used for beneficial purposes only (105 ILCS 85).
DISTRICT REQUIREMENTS: Below is an overview of the new requirements. Please refer to the legislation for specific timelines and components of each element. School districts must:
1. Annually post a list of all operators of online services or applications with which the District has a contract.
2. Annually post an explanation of all data elements that the District/school collects, maintains, or discloses to any individual, entity or governmental agency. This information must also explain how the District/school uses the data, and to whom and why it discloses the data.
3. Post contracts for each operator within 10 days of signing.
4. Annually post a list of subcontractors for each operator, to whom student data may be disclosed.
5. Post the process for how parents can exercise their rights to inspect, review, correct or request a copy of student data.
6. Post data breaches within 10 days and notify parents within 30 days which notification shall include a description of the covered information that was compromised, among other information.
7. Create a policy for who can sign contracts with operators.
8. Designate a privacy officer to ensure compliance.
9. Maintain reasonable security procedures and practices. Agreements with vendors in which information is shared must include a provision that the vendor maintains reasonable security procedures and practices.
Below you will find a list of approved District vendors which collect student data and meet the requirements of SOPPA. The District is required by SOPPA to make the information publicly available.
Family Educational Rights and Privacy Act (FERPA)
FERPA protects the privacy of student education records. The law applies to all schools that receive funds from the U.S. Department of Education. FERPA gives parents certain rights with respect to their children’s education records. These rights transfer to the student when he or she reaches the age of 18 or attends a school beyond the high school level.
Children’s Online Privacy Protection Act (COPPA)
COPPA imposes certain requirements on operators of websites or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.
Children’s Internet Protection Act (CIPA)
Schools and libraries subject to CIPA may not receive the discounts offered by the E-rate program unless they certify that they have an Internet safety policy that includes technology protection measures. The protection measures must block or filter Internet access to pictures that are: (a) obscene; (b) child pornography; or (c) harmful to minors (for computers that are accessed by minors).
Protection of Pupil Rights Amendment (PPRA)
PPRA is applicable to programs that received funding from the U.S. Department of Education and is intended to protect the rights of parents and students in two ways:
It seeks to ensure that schools and contractors make instructional materials available for inspection by parents if those materials will be used in connection with an ED-funded survey, analysis, or evaluation in which their children participate; and
It seeks to ensure that schools and contractors obtain written parental consent before minor students are required to participate in any ED-funded survey, analysis, or evaluation that reveals certain information.